We are proud to announce that the Wikimedia Foundation received perfect marks in all five categories in the Electronic Frontier Foundation (EFF)’s Who’s Got Your Back? report.
The annual report, released on June 17, grades technology companies on how well they protect users’ rights and how transparent they are about their policies and activities. As the EFF points out, in an era in which the law is slow to keep pace with technical developments, it is the responsibility of technology companies to enact the strongest possible policies and practices to protect user rights.
This year, the Wikimedia Foundation earned five stars in all five categories:
- follows industry-accepted best practices;
- tells users about government data demands;
- discloses policies on data retention;
- discloses government content removal requests; and
- pro-user public policy: opposes backdoors.
Noting that we have adopted all of EFF’s recommended best practices, the report praised the Wikimedia Foundation for our “strong stance regarding user rights, transparency, and privacy.”
Industry-accepted best practices: The Wikimedia Foundation occasionally receives requests from governments and organizations to release nonpublic user data or remove content from the Wikimedia projects. Compared to other technology companies, we receive relatively few requests like these, in part because we collect little nonpublic information about our users and retain that information only for a limited time. When we do receive a request, we carefully scrutinize it to ensure that it meets our requirements prior to considering release of any nonpublic user information. As we state in our law enforcement guidelines, we require a valid, enforceable warrant before releasing any content to law enforcement. We also explain in those guidelines how we respond to data demands, and publish a transparency report that documents the requests we receive and how we responded.
Government data demands: We promise to give users prompt notice of government demands for nonpublic user information. When we receive a request, we seek to notify the affected user and provide a copy of the request at least 10 calendar days before we release the information. We will contact the user provided that we have the user’s contact information, that disclosing the request will not threaten life or limb, and that we are not otherwise prohibited by law from doing so. The notified user can then attempt to quash or legally challenge the request. If we are prevented from notifying users for one of the above reasons, we will provide information about the request to affected users after the threat or legal restriction has ended. Additionally, we may, and reserve the right to, challenge a request on behalf of any affected user, whether or not the user chooses to pursue his or her own legal challenge.
Data retention policies. We publish detailed information about our data retention policies.
Content removal requests: In our transparency report, we disclose government requests to remove user content or accounts, as well as information about how often we comply.
Pro-user public policy: We oppose “backdoors” that introduce security vulnerabilities for the government’s use.
As part of our commitment to supporting the free sharing of knowledge, we strive to do our utmost to protect our users’ privacy and we are honored to be recognized as industry leaders. We invite you to learn more about our efforts to protect user privacy and promote transparency at https://transparency.wikimedia.org/.
Geoff Brigham, Wikimedia Foundation General Counsel*
• *Our commitment to privacy is an organization-wide effort, and we thank all who are involved in upholding that commitment, including the Foundation’s Analytics, Operations, Design, Community Engagement, Communications, and Legal teams, as well as many others. Our special thanks go to Lexie Perloff-Giles for her assistance with this blog post.